PVA Series – user context in Power Virtual Agent

In my previous post you were able to learn how to authenticate user in Power Virtual Agent. This post is about getting and using context of the authenticated user.

Authentication in PVA

Authentication in PVA is quite simple. It is built out of the below steps basically.

  1. User enters communication with the Bot
  2. Bot display button to log in
  3. User provides credentials
  4. After is logged in, authentication provider (AAD in this case) returns validation code
  5. Validation code, once provided back in a chat window, generates and stores bearer token in the AuthToken variable.
Authentication in Power Virtual Agent

Using the user’s context

To use now context of the user in your Power Automate, you have to use obtained bearer token as the authorization method.

Important! Power Automate flows having actions with a defined connection, authorized for different user, will not be executed using the context of the user from bot conversation.

To use context of a user you have to choose actions, that will authenticate on-the-go, for example HTTP (Premium). Then provide the token as the parameter in “Action” calling Power Automate:

And finally use the passed token from PVA as the “Raw” authentication method:

Using token from PVA to get user context in calling Microsoft Graph API.

In result you will be able (in this example) to call Graph API using context of a user who is authenticated in the conversation with a bot.

And that’s it. I hope this will help you benefit from calling action with user context and therefore personalize user experience in your Power Virtual Agents conversations. If you have any questions post them in comments below!

Tomasz Poszytek

Hi, I am Tomasz. I am expert in the field of process automation and business solutions' building using Power Platform. I am Microsoft MVP and Nintex vTE.

  • Ibrahim Idowu

    Please I am struggling to find the Get User Profile connector above
    How do I easily get this

    January 7, 2020 at 12:33 pm Reply
    • Tomasz Poszytek

      It’s not a ready to use action. This is “HTTP” action to call Graph API.

      January 7, 2020 at 12:38 pm Reply
  • Ananth

    The Get User Profile action fails for me with the message “Access token validation failure. Invalid audience.” Any suggestions ?

    January 16, 2020 at 4:28 am Reply
  • Ujjwal Sharma


    Since I don’t have permissions in my organization’s AAD, I requested my admin to register my bot in
    AAd with steps mentioned in I configured the authentication and it works fine in bot, but in the flow the http action gives an error.
    {“code”: “Authorization_RequestDenied”,
    “message”: “Insufficient privileges to complete the operation.”}

    Please help

    April 8, 2020 at 10:06 am Reply
    • Tomasz Poszytek

      So the authentication works fine. That’s cool. What are you trying to accomplish in Power Automate? What endpoint are you calling via http action?

      April 8, 2020 at 8:34 pm Reply
      • Ujjwal Sharma

        I am taking a reference from this article. You have used HTTP action which you have renamed as Get user profile in the image above. I’m doing the same with the same endpoint “” with raw authentication and bearer with auth token. I want to get user email and name from auth token.

        April 9, 2020 at 5:18 am Reply
        • Tomasz Poszytek

          If that’s the case, then be sure that registered app is also given the scope “Users.Read.All” from Graph API group. This one is required to actually obtain users data from Graph on behalf of someone. AND – that the admin consent is granted 🙂

          April 9, 2020 at 9:54 am Reply
  • dougm

    thankyou good article.
    Do you have any idea how to get the PowerVA session ID for someone who is not authenticated ? Is this possible ? For example an external user who is not part of the microsoft org ?

    April 12, 2020 at 4:40 am Reply
    • Tomasz Poszytek

      What do you mean a session ID? Like a unique GUID for a conversation? So there is nothing like that ootb. You can call a Power Automate to generate a guid (there is even the function called guid() for that) and return to conversation or to store it along with other data about the conversation.

      April 12, 2020 at 9:46 pm Reply
      • dougm

        I found the guid() function, just wasn’t sure if it was unique enough to use as-is. I read up on it and I think it probably is.
        Now my PVA bot calls an action as the first thing it does, to get a GUID and store it in a PVA variable which the PVA bot then passes back and forth to subsequent actions.

        thanks for your help.

        April 16, 2020 at 8:03 am Reply
  • Kevin

    How do you pass the authtoken to power automate? I only have the option to take a user’s input from Power Agent.
    Any suggestions?

    April 22, 2020 at 9:47 pm Reply
    • Tomasz Poszytek

      AuthToken is one of the outcomes of the “Authenticate” action. If you don’t have such Action, please follow steps described here: to configure authentication provider for your PVA.

      April 22, 2020 at 10:21 pm Reply
      • Kevin

        That portion works great, thanks to your post but the option to pass the authToken to flow so I can get the user information does not seem to appear for me.
        see image here…

        April 22, 2020 at 11:15 pm Reply
        • Jason

          I have same issue. Seems like there may be an issue with topics available as well. Based on what I have seen in other tutorials, there are a number of topics that I am not seeing in my tenant. I have only a small handful of basic ones. Maybe it’s a licensing thing or perhaps our environment is not provisioned for everything. We have an EDU tenant. Or maybe some of the functionality is still in Preview?

          June 4, 2020 at 5:31 pm Reply
          • Tomasz Poszytek

            PVA starts with a number of system settings. The other, pre-created ones were available in older version, as PVA was directly coming from Dynamics. Today there are 5 user topics, pre-created.

            June 4, 2020 at 11:37 pm
  • Jason

    Has PVA interface changed since this was published? I have gone thru all of the steps to register to app, gotten to the point of getting the chatbot authenticated, get the prompt for the access code, paste it back and user authenticated message is displayed when testing. But I do not see any action to get user information from Flow. I can call a Flow action from PVA canvas, but once in Flow the only actions are to add a basic input text or number static text and return value of same. What am I missing? I just want to get the authenticated user’s profile information (name, location, etc.) and return in a message in the bot. In PVA canvas, below the “you’re now logged in” action, the only Call an Action options available are Authenticate (again) and Create a flow. I don’t see any way to pass the AuthToken to the flow itself. I have scope set as openid profile User.Read.

    June 4, 2020 at 4:17 pm Reply
    • Tomasz Poszytek

      Hi, you need to pass the token variable from PVA to Power Automate via a text input. Then call Graph API to get user’s data. And then return outputs using text outcomes. Interface didn’t change.

      June 4, 2020 at 11:36 pm Reply
      • Jason

        Ok, thanks. I ended up figuring this out thru trial and error and a few other sites. For anyone out there who is struggling with this part, you have to create the Flow *first* inside your PVA canvas, added a text input and however many outputs you expect to have. Save the Flow and then delete the Flow action in PVA and re-add it. It will then show the input and output parameters. You then pass the authtoken as an input and use it in a call to Microsoft Graph like Tomasz demonstrates in the HTTP Request action in Flow (bearer parameter). Then you can use Flow in the usual way to get your JSON response, parse it and assign the parsed content to your PVA output so it can return the data to PVA chatbot. There’s several steps and right now you sort of have to piece these steps from various postings from folks like Tomasz and Microsoft docs. Very powerful once you get the set up and steps clear in your head.

        June 5, 2020 at 1:54 pm Reply
  • rahul

    Hi, I have integrated powerVA with power BI and not sure how to fetch userdetails of active session. I mean i want to add feature for BOT to auto recognize user name from logged in powerBI user and gets Name, email etc

    August 21, 2020 at 5:34 am Reply
  • Ksenia Lesko

    Hi Tomasz! I have set up the authentication for my PVA and all is working fine – it authenticates in a browser version and in Teams where my bot is deployed. I want, however, for the bot to know who it is talking to by pulling user data through the flow. I have tried so many things inlcuding the HTPP and parsing json but I can’t seem to be able to get it working. As you mentioned, there’s a ton of incomplete instructions on how to set this up all over blogs and microsoft docs, and I was wondering sicne you had just recently figured it out if you could share the step-by-step? It would be much appreciated! Ksenia

    August 21, 2020 at 5:38 pm Reply
    • Tomasz Poszytek

      Hi, this is not possible to get user context who talks with bot from Power Automate. You can pass user’s Bearer Token once they authenticate in PVA session to Power Automate, so that next you can use it to eg. call Graph API.

      August 29, 2020 at 10:25 pm Reply
  • Rmait

    Hello, nice article I must say. Just a question….is it possible to pass the context variable from PVA to the Application Tab in D365 Omnichannel during the handoff to an Agent? Thanks!

    August 28, 2020 at 5:25 pm Reply
  • Umer Javed

    Hi Tomasz,

    We are planning to use PVA on power apps portal. Employee will be logging into portal using Azure AD.
    When communicating via chatbot on portal we do not want employees to re login instead bot should actively start communication such as “Hello John”. For the logged in user, I wonder we could get automatically get the ir “ObjectID”from Azure AD? we can then use this Id to query CRM via flow and get user name therefore give a personalised welcome prompt….


    August 11, 2021 at 6:30 pm Reply
  • Mark Adkins

    How can I extract the PSID from Facebook Messenger webhook when integrated with PVA? I want to be able to pull user profile but need the PSID. This should be included as part of the initial communication from Messenger to PVA. Any ideas?

    April 17, 2023 at 11:47 pm Reply
    • Tomasz Poszytek

      I am sorry, I haven’t done such an integration and can’t help in that.

      April 18, 2023 at 9:26 pm Reply
  • Jitesh Kumawat

    Hi, thanks for this Article,
    Authentication did work fine for me.
    But, how to log out from the session now? I want to achieve a scenario, where different types of users can access the chatbot on the same device.
    Can’t find any topic/flow for logout. Could you help?
    I tried revoking authentication and refresh tokens from the identity provider, but it results in breaking the chat application, and the login flow was never triggered again.

    June 8, 2023 at 6:27 am Reply
    • Tomasz Poszytek

      Well, the scenario is meant for personal computer, not kiosk. I believe for such case you should make the bot to ask user for some identification data and based on responses to find out with which user bot is talking with.

      June 29, 2023 at 10:43 am Reply

Post a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.